
REPLACEMENT SHEET 



FIG. 1 (block diagram; labelled blocks, connections not recoverable):
PERSONAL DIGITAL IDENTIFIER (PDI)
BASE UNIT (BU)
DEVICE MANAGER (DM)
WORKSTATION (PC)
POLICY MANAGER (PM)
NETWORK
CENTRAL SERVER(S)
SECURITY MANAGER (SM)
REGISTRATION AUTHORITY (RA)
TRANSACTION MANAGER (TM)






FIG. 2 (block diagram; labelled blocks, connections not recoverable):
WIRELESS TRANSCEIVER
MICRO-PROCESSOR(S)
SECURE STORAGE
PROGRAM MEMORY
FINGERPRINT MICROCHIP
BATTERY
COMMUNICATIONS PORT CONNECTOR



FIG. 3 (block diagram; labelled blocks, connections not recoverable):
BATTERY CHARGER
POWER
WIRELESS TRANSCEIVER
MICRO-PROCESSOR(S)
COMMUNICATIONS PORT CONNECTOR






FIG. 4A (flowchart; box text in extraction order, connectors and decision branches not recoverable):
PDI DETECTS NEW BUIR SIGNAL
PDI WAITS RANDOM NUMBER OF BU POLLING CYCLES
PDI SENDS REQUEST TO BE ACQUIRED BY BU
BU SENDS POLLING MESSAGE TO PDI
DM GETS INFO ON NEW PDI ACQUIRED FROM BU
DM PASSES NEW PDI INFO TO TM
BU CONTINUES TO POLL ALL RESPONDING PDI UNITS
TM TELLS DM TO IGNORE PDI
TM SENDS MESSAGE TO DM TO DISPLAY LOG-ON FAILURE







FIG. 4B (flowchart; box text in extraction order, connectors and decision branches not recoverable):
PDI IS AN OBSERVER - ACTION TAKEN DEPENDS ON POLICY: COULD INFORM DM OF USER NAME, SEND USER'S PICTURE TO DM, SEND INSTRUCTION TO DM TO TAKE ACTION, e.g. OPEN DOOR, COULD LOG THE EVENT OR ANY COMBINATION OF ABOVE OPTIONS
COULD REQUEST USER TO BIOMETRICALLY AUTHENTICATE AS FOR LOG-IN
TM SENDS SIGNED CHALLENGE FOR PDI VIA TM, DM AND BU
PDI VERIFIES CHALLENGE USING STORED PUBLIC KEY OF SM
TM SENDS MESSAGE TO DISPLAY LOGON SCREEN INSTRUCTING USER TO PLACE FINGER ON SENSOR
USER PLACES FINGER ON SENSOR
PDI MATCHES USER FINGER TO STORED TEMPLATE
ALLOW 3 TRIES TO MATCH






FIG. 4C (flowchart; box text in extraction order, connectors and decision branches not recoverable):
PDI SENDS SIGNED MESSAGE TO TM INDICATING STATUS OF MATCH
TM GETS PUBLIC KEY OF PDI AND USER INFO FROM RA
TM PASSES MESSAGE AND KEY TO SM TO VERIFY
TM SENDS MESSAGE WITH LOGON INFO
TM SENDS MESSAGE INDICATING REFUSAL TO LOGON






FIG. 5A (flowchart; box text in extraction order, connectors and decision branches not recoverable):
APPLICATION NEEDS DOCUMENT/TRANSACTION TO BE DIGITALLY SIGNED
APPLICATION SENDS DOCUMENT TO SM
SM CREATES MESSAGE DIGEST, SIGNS IT AND SENDS IT TO THE DM
DM FORWARDS MESSAGE DIGEST AND SM SIGNATURE TO PDI
PDI VERIFIES THAT MESSAGE COMES FROM KNOWN SM
PDI RESPONDS TO SM INDICATING FAILURE TO VERIFY
PDI COMPARES FINGERPRINT WITH STORED TEMPLATE
USER PLACES FINGER ON SENSOR. UP TO 3 TRIES
DECISION: FINGERPRINT VERIFIES OR 3 TRIES? (NO)







FIG. 5B (flowchart; box text in extraction order, connectors not recoverable):
PDI SIGNS DOCUMENT MESSAGE DIGEST AND SIGNS RESPONSE MESSAGE AND SENDS TO SM
SM VERIFIES THAT THE RESPONSE IS PROPERLY SIGNED
DECISION: VERIFIES? (NO / YES)
DECISION: FINGER VERIFIED? (NO / YES)
SM INFORMS APPLICATION OF RESULT. THE APPLICATION WILL MAKE THE DECISION ABOUT WHAT ACTION TO TAKE IN THE CASES OF FAILURE



